Commit Graph

26871 Commits

Author SHA1 Message Date
desrosj
432a1065cd Script Loader: Sync default package script versions in 5.2 branch.
Follow up to [47946], [50074] and [51756].

Fixes #54413.
Built from https://develop.svn.wordpress.org/branches/5.2@52105


git-svn-id: http://core.svn.wordpress.org/branches/5.2@51697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-10 13:37:44 +00:00
desrosj
2c03ecf9b1 HTTP: Remove the DST Root CA X3 certificate expired on September 30, 2021.
> The currently recommended certificate chain as presented to Let’s Encrypt ACME clients when new certificates are issued contains an intermediate certificate (ISRG Root X1) that is signed by an old DST Root CA X3 certificate that expires on 2021-09-30. In some cases the OpenSSL 1.0.2 version will regard the certificates issued by the Let’s Encrypt CA as having an expired trust chain.
> 
> Most up-to-date CA cert trusted bundles, as provided by operating systems, contain this soon-to-be-expired certificate. The current CA cert bundles also contain an ISRG Root X1 self-signed certificate. This means that clients verifying certificate chains can find the alternative non-expired path to the ISRG Root X1 self-signed certificate in their trust store.
> 
> Unfortunately this does not apply to OpenSSL 1.0.2 which always prefers the untrusted chain and if that chain contains a path that leads to an expired trusted root certificate (DST Root CA X3), it will be selected for the certificate verification and the expiration will be reported.

References:
* [https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ Old Let’s Encrypt Root Certificate Expiration and OpenSSL 1.0.2]
* [https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ DST Root CA X3 Expiration (September 2021)]

Follow-up to [25224], [25426], [25569], [27307], [30491], [30765], [34283], [35919], [36570], [46094].

Props bradleyt, fierevere, SergeyBiryukov, peterwilsoncc.
Merges [51883] to the 5.2 branch.
Fixes #54207. See #50828.
Built from https://develop.svn.wordpress.org/branches/5.2@52102


git-svn-id: http://core.svn.wordpress.org/branches/5.2@51694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-11-10 02:18:44 +00:00
desrosj
7c0a526276 WordPress 5.2.12.
Built from https://develop.svn.wordpress.org/branches/5.2@51764


git-svn-id: http://core.svn.wordpress.org/branches/5.2@51371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-08 21:37:42 +00:00
desrosj
5a4b00a618 Grouped merges for 5.2.12.
- Update `lodash` to the latest version `4.17.21`.
- Disable some attributes for rich text.
- Use hashed/deterministic moduleIDs in webpack config.

Props ellatrix, peterwilsoncc, get_dave, mcsf, talldanwp, youknowriad, desrosj, nerrad, gziolo.
Merges [50940-50941,50984-50985,51426] to the 5.2 branch.
Built from https://develop.svn.wordpress.org/branches/5.2@51756


git-svn-id: http://core.svn.wordpress.org/branches/5.2@51363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-08 21:22:54 +00:00
Sergey Biryukov
5702452f4b General: Only use _jsonp_wp_die_handler() for JSONP REST API requests.
Props mdawaffe, peterwilsoncc.
Merges [51740] to the 5.2 branch.
Built from https://develop.svn.wordpress.org/branches/5.2@51747


git-svn-id: http://core.svn.wordpress.org/branches/5.2@51355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-09-08 17:28:31 +00:00
Peter Wilson
504360c3e0 WordPress 5.2.11.
Built from https://develop.svn.wordpress.org/branches/5.2@50874


git-svn-id: http://core.svn.wordpress.org/branches/5.2@50483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 23:16:42 +00:00
Peter Wilson
433a1c9f31 External libraries: Improve attachment handling in PHPMailer
Props: audrasjb, ayeshrajans, desrosj, peterwilsoncc, xknown.
Partially merges [50799] to the 5.2 branch.


Built from https://develop.svn.wordpress.org/branches/5.2@50852


git-svn-id: http://core.svn.wordpress.org/branches/5.2@50461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-05-12 22:29:44 +00:00
Peter Wilson
ffd641f40a Version bump for 5.2.10.
Built from https://develop.svn.wordpress.org/branches/5.2@50741


git-svn-id: http://core.svn.wordpress.org/branches/5.2@50350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-15 01:38:32 +00:00
desrosj
8043803e2e Grouped merges for 5.2.10.
* REST API: Allow authors to read their own password protected posts.
* About page update

Merges [50717] to the 5.2 branch.

Built from https://develop.svn.wordpress.org/branches/5.2@50729


git-svn-id: http://core.svn.wordpress.org/branches/5.2@50338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-04-15 01:11:37 +00:00
desrosj
36cc3aab1a Build/Test Tools: Backport GitHub Action and build improvements to the 5.2 branch.
This backports several build and test tool improvements to the 5.2 branch. Most notably, this includes:

- The changes required to allow each workflow to be triggered by the `workflow_dispatch` event so that tests can be run on a schedule [50590].
- The ability to run PHPUnit tests from `src` instead of `build` [50441-50443].
- Splitting single site and multisite tests into parallel jobs [50379].
- Split slow tests into separate, parallel jobs for PHP 5.6 [50444].
- Better branch and path scoping for GitHub Action workflows when running on `pull_request` [50432,50479].
- Several `devDependency` updates.

Merges [50267,50299,50379,50387,50413,50416,50432,50435-50436,50441-50444,50446,50473-50474,50476,50479,50485-50487,50545,50579,50590,50598] to the 5.2 branch.
See #50401, #51734, #51801, #51802, #52548, #52608, #52612, #52623, #52624, #52625, #52645, #52653, #52658, #52660, #52667.
Built from https://develop.svn.wordpress.org/branches/5.2@50606


git-svn-id: http://core.svn.wordpress.org/branches/5.2@50219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-03-26 20:03:48 +00:00
desrosj
cf023b82bd Build/Test Tools: Support NodeJS 14.x in the 5.2 branch.
This updates the 5.2 branch to support the latest LTS version of NodeJS (currently 14.x), allowing the same version to be used across all WordPress branches that receive security updates as a courtesy.

In addition to backporting the package updates that happened after branching 5.2, dependencies that were removed in future releases have also been updated to their latest versions.

Props desrosj, dd32, netweb, jorbin, whyisjake.
Merges [45321,45765,45826,45875,46403-46404,46408-46409,47404,47867,47872-47873,48213,48705,49636,49933,49937,49939-49940,49983,49989,50017,50126,50176,50185] to the 5.2 branch.
See #52341.
Built from https://develop.svn.wordpress.org/branches/5.2@50191


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49869 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-02-05 03:20:06 +00:00
Sergey Biryukov
3f4fe8f059 Tests: Skip test_readme() if the HTTP request to secure.php.net or dev.mysql.com failed on timeout.
Move `skipTestOnTimeout()` to `WP_UnitTestCase_Base` to avoid duplication.

Merges [46682] and [46996] to the 5.2 branch.
See #51669.
Built from https://develop.svn.wordpress.org/branches/5.2@50093


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-01-30 13:03:47 +00:00
desrosj
4c0fc42454 Build Tools: One additional coding standards fix now detected after [49514].
See #51624, #48301.
Built from https://develop.svn.wordpress.org/branches/5.2@49515


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-06 16:38:52 +00:00
desrosj
b4da91521f Build Tools: Fix running installing Composer dependencies using Composer 2.0.
This updates the `dealerdirect/phpcodesniffer-composer-installer` package to allow installing version `0.7.0` which supports Composer 2.0.

It also includes several minor spacing/alignment coding standards fixes that are made as a result of the package update.

Props itowhid06, jrf.
Merges [49306] to the 5.2 branch.
See #51624, #48301.
Built from https://develop.svn.wordpress.org/branches/5.2@49514


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-11-06 16:29:54 +00:00
Sergey Biryukov
130b6904f3 WordPress 5.2.9.
Built from https://develop.svn.wordpress.org/branches/5.2@49461


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-30 19:50:57 +00:00
whyisjake
0cf9faf171 Upgrade/Install: During the install process, add additional checking for exising tables.
This commit brings the changes in [49452] to the 5.2 branch.

If reinstalling WordPress, there is a condition where tables would exist in the database. Ensures that$

Fixes #51676.

Props xknown, garubi, mukesh27, desrosj, johnbillion, metalandcoffee, davidbaumwald, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@49456


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49215 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-30 18:30:03 +00:00
desrosj
8dd5c0cdec WordPress 5.2.8.
Built from https://develop.svn.wordpress.org/branches/5.2@49412


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 19:37:05 +00:00
whyisjake
505afcd180 General: WordPress updates
* XML-RPC: Improve error messages for unprivileged users.
* External Libraries: Disable deserialization in Requests_Utility_FilteredIterator
* Embeds: Disable embeds on deactivated Multisite sites.
* Coding standards: Modify escaping functions to avoid potential false positives.
* XML-RPC: Return error message if attachment ID is incorrect.
* Upgrade/install: Improve logic check when determining installation status.
* Meta: Sanitize meta key before checking protection status.
* Themes: Ensure that only privileged users can set a background image when a theme is using the deprecated custom background page.

Brings the changes from [49380,49382-49388] to the 5.2 branch.

Props xknown, zieladam, peterwilsoncc, whyisjake, desrosj, dd32.

Built from https://develop.svn.wordpress.org/branches/5.2@49394


git-svn-id: http://core.svn.wordpress.org/branches/5.2@49153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-10-29 18:45:55 +00:00
desrosj
8b8aef2834 WordPress 5.2.7.
Built from https://develop.svn.wordpress.org/branches/5.2@47991


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 21:34:59 +00:00
whyisjake
8e6550737f Editor: Ensure latest comments can only be viewed from public posts.
This brings the changes from [47984] to the 5.2 branch.
Props: poena, xknown.

Built from https://develop.svn.wordpress.org/branches/5.2@47986


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 19:26:53 +00:00
desrosj
0d6541c100 General: Backport several commits for release.
- Embeds: Ensure that the title attribute is set correctly on embeds.
- Editor: Prevent HTML decoding on by setting the proper editor context.
- Formatting: Ensure that wp_validate_redirect() sanitizes a wider variety of characters.
- Themes: Ensure a broken theme name is returned properly.
- Administration: Add a new filter to extend set-screen-option. 

Merges [47948-47951] to the 5.2 branch.
Props xknown, sstoqnov, vortfu, SergeyBiryukov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.2@47960


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 18:12:52 +00:00
Sergey Biryukov
ff95ac1af3 Editor: Bump package-lock.json on the 5.2 branch.
Follow-up to [47946].

See #50094.
Built from https://develop.svn.wordpress.org/branches/5.2@47958


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-10 17:51:12 +00:00
Sergey Biryukov
4f0367ef88 Comments: Ensure that unmoderated comments won't be search indexed.
After a comment is submitted, only allow a brief window where the comment is live on the site.

Props jonkolbert, ayeshrajans, Asif2BD, peterwilsoncc, imath, audrasjb, jonoaldersonwp, whyisjake, SergeyBiryukov.
Merges [47887] and [47889] to the 5.2 branch.
See #49956.
Built from https://develop.svn.wordpress.org/branches/5.2@47917


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-06 09:59:56 +00:00
desrosj
c9886c5357 WordPress 5.2.6
Built from https://develop.svn.wordpress.org/branches/5.2@47668


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 17:58:51 +00:00
whyisjake
bf5d4c15cc Customize: Add additional filters to Customizer to prevent JSON corruption.
User: Invalidate `user_activation_key` on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Block Editor: Coding standards, properly escape class names.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand `sanitize_file_name` to have better support for utf8 characters.

Brings the changes in [47633], [47634], [47635], [47636], [47637], and [47638] to the 5.2 branch.

Props: aduth, batmoo, ehti, ellatrix, jorgefilipecosta, nickdaugherty, noisysocks, pento, peterwilsoncc, sergeybiryukov, sstoqnov, talldanwp, westi, westonruter, whyisjake, whyisjake, xknown.

Built from https://develop.svn.wordpress.org/branches/5.2@47645


git-svn-id: http://core.svn.wordpress.org/branches/5.2@47420 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-29 16:07:54 +00:00
Sergey Biryukov
7d171684bc WordPress 5.2.5
Built from https://develop.svn.wordpress.org/branches/5.2@46921


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 20:24:58 +00:00
whyisjake
da95cca74c Ensure that a user can publish_posts before making a post sticky.
Props: danielbachhuber, whyisjake, peterwilson, xknown.

Prevent  stored XSS through wp_targeted_link_rel().

Props: vortfu, whyisjake, peterwilsoncc, xknown,  SergeyBiryukov, flaviozavan.

Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes,

`wp_kses_bad_protocol()` makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function.

Brings r46895 to the 5.3 branch.

Props: xknown, nickdaugherty, peterwilsoncc.

Prevent stored XSS in the block editor.

Brings r46896 to the 5.3 branch.

Prevent escaped unicode characters become unescaped in unsafe HTML during JSON decoding.

Props: aduth, epiqueras.

Built from https://develop.svn.wordpress.org/branches/5.2@46901


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-12-12 18:18:54 +00:00
whyisjake
42a430a0a9 REST API: Allow for multiple Vary: Origin headers in GET responses.
Simple fix, we pass false as the second parameter to the header function.

This is something that we added downstream of the 5.2.4 release, but we missed in 5.2/trunk.

Fixes #48309, see also [46544].
Props xknown, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46545


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-15 15:54:53 +00:00
desrosj
d60f90873c Post WordPress 5.2.4 version bump. The 5.2 branch is now 5.2.5-alpha.
Built from https://develop.svn.wordpress.org/branches/5.2@46540


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 22:02:53 +00:00
desrosj
9380cf2995 WordPress 5.2.4.
Built from https://develop.svn.wordpress.org/branches/5.2@46508


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 20:06:55 +00:00
whyisjake
e9ecfd078e REST API: Send a Vary: Origin header on GET requests.
Add this header on all GET requests to prevent cached requests.

Fixes some code dulication from [46484] and backports the changes from [46484] to the 5.2 branch.
Props darthhexx, davidbinda, nickdaugherty, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46487


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 17:44:54 +00:00
whyisjake
0ca56956ae Administration: Ensure that admin referer nonce is valid.
Coding standards, ensure that nonce is valid with identical, rather then equal operator.

Backports [46477] to the 5.2 branch.
Props vortfu, xknown, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46486


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 17:34:53 +00:00
whyisjake
cbc773dcbb Filesystem API: Prevent directory travelersals when creating new folders.
Reject file paths that contain sub-directory paths.

Props iandunn, xknown, sstoqnov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46484


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 16:34:53 +00:00
whyisjake
e5e18e9b15 Filesystem API: Prevent directory travelersals when creating new folders.
Reject file paths that contain sub-directory paths.

Backports [46476] to the 5.2 branch.

Props iandunn, xknown, sstoqnov, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46482


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 16:13:53 +00:00
whyisjake
c4a25f9386 Add merge information missed in r46474-46475.
Built from https://develop.svn.wordpress.org/branches/5.2@46481


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 16:09:51 +00:00
whyisjake
f0335c6a8b HTTP API: Protect against hex interpretation.
Return earlier from wp_http_validate_url().

Props: iandunn, xknown, voldemortensen, whyisjake.

Built from https://develop.svn.wordpress.org/branches/5.2@46480


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 15:52:53 +00:00
whyisjake
f82ed753cf Query: Remove the static query property.
Prevent unauthenticated views of publicly queryables content types.

Props aaroncampbell, whyisjake, nickdaugherty, xknown.

Built from https://develop.svn.wordpress.org/branches/5.2@46479


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 15:51:54 +00:00
Sergey Biryukov
c83ea95120 Formatting: In wp_validate_redirect(), normalize the path when validating the location for relative URLs, to account for Windows paths.
Props peterwilsoncc, rconde, jmmathc, mat-lipe, Sixes, justinahinon, cmagrin, daxelrod, SergeyBiryukov.
Merges [46472] to the 5.2 branch.
Fixes #47980.
Built from https://develop.svn.wordpress.org/branches/5.2@46473


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-14 11:04:55 +00:00
desrosj
5753d19fe4 Build/Test Tools: Remove PHP 7.4 and nightly builds from Travis.
See #48225.
Built from https://develop.svn.wordpress.org/branches/5.2@46406


git-svn-id: http://core.svn.wordpress.org/branches/5.2@46205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-10-05 16:58:53 +00:00
whyisjake
e4b3059eb2 Remove the extra call for wp-sanitize from the script loader.
Merges [46073] to the 5.2 branch.
Fixes #47986.


Built from https://develop.svn.wordpress.org/branches/5.2@46074


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-06 21:56:54 +00:00
Sergey Biryukov
fd1d9bb298 Post WordPress 5.2.3 version bump.
Built from https://develop.svn.wordpress.org/branches/5.2@46065


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-05 02:16:54 +00:00
whyisjake
e3194da7eb WordPress 5.2.3.
Built from https://develop.svn.wordpress.org/branches/5.2@46047


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 22:09:18 +00:00
desrosj
2df5a45321 Help/About: Update the About page for 5.2.3.
Props whyisjake, desrosj.
Fixes #47923.
Built from https://develop.svn.wordpress.org/branches/5.2@46046


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45858 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 22:08:25 +00:00
Sergey Biryukov
cbd492abd3 Coding Standards: Fix WPCS issue in [45990].
Merges [46019] to the 5.2. branch.
Built from https://develop.svn.wordpress.org/branches/5.2@46022


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45833 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 21:46:48 +00:00
desrosj
a3c199b473 Fix for URL sanitization in wp_kses_bad_protocol_once().
Merges [45997] to the 5.2 branch.

Props irsdl, sstoqnov, whyisjake.
Built from https://develop.svn.wordpress.org/branches/5.2@46000


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 17:57:52 +00:00
Sergey Biryukov
50f2f05956 Improve handling the existing rel attribute in wp_rel_nofollow_callback().
Merges [45990] to the 5.2 branch.
Props xknown, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/5.2@45991


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45802 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 17:39:51 +00:00
whyisjake
affedce0a8 Update wp.a11y.speak() to sanitize HTML before display.
Merges [45979] to the 5.2 branch

Props iandunn, adamsilverstein, sstoqnov, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/5.2@45989


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 17:23:52 +00:00
Sergey Biryukov
684ef4e3a7 Improve URL validation in wp_validate_redirect().
Merges [45971] to the 5.2 branch.
Props vortfu, whyisjake, peterwilsoncc.
Built from https://develop.svn.wordpress.org/branches/5.2@45972


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:58:52 +00:00
Sergey Biryukov
4315d85d65 Escape the output in wp_ajax_upload_attachment().
Merges [45936] to the 5.2 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/5.2@45938


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:15:51 +00:00
whyisjake
6a63bf0361 Remove _convert_urlencoded_to_entities() from the get_the_content() callback.
Props vortfu, whyisjake, peterwilsoncc

Built from https://develop.svn.wordpress.org/branches/5.2@45937


git-svn-id: http://core.svn.wordpress.org/branches/5.2@45748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:10:52 +00:00